Introduction Privacy is fundamental to trusted collaboration and interactions to protect against malicious users and fraudulent activities



Yüklə 446 b.
səhifə1/15
tarix12.01.2019
ölçüsü446 b.
#95232
  1   2   3   4   5   6   7   8   9   ...   15



Introduction

  • Privacy is fundamental to trusted collaboration and interactions to protect against malicious users and fraudulent activities.

  • Privacy is needed to protect source of information, the destination of information, the route of information transmission of dissemination and the information content itself



Introduction

  • Basis for idea: The semantic of information changes with time, context and interpretation by humans

  • Ideas for privacy:

  • Replication and Equivalence and Similarity

  • Aggregation and Generalization

  • Exaggeration and Mutilation

  • Anonymity and Crowds

  • Access Permissions, Authentication, Views



Introduction

  • B. Basis for Idea: The exact address may only be known in the neighborhood of a peer (node)

  • Idea for Privacy:

  • Request is forwarded towards an approximate direction and position

  • Granularity of location can be changed

  • Remove association between the content of the information and the identity of the source of information

  • Somebody may know the source while others may know the content but not both

  • Timely position reports are needed to keep a node traceable but this leads to the disclosure of the trajectory of node movement

  • Enhanced algorithm(AO2P) can use the position of an abstract reference point instead of the position of destination

  • Anonymity as a measure of privacy can be based on probability of matching a position of a node to its id and the number of nodes in a particular area representing a position

  • Use trusted proxies to protect privacy



Introduction

  • C. Basis for idea: Some people or sites can be trusted more than others due to evidence, credibility , past interactions and recommendations

  • Ideas for privacy:

  • Develop measures of trust and privacy

  • Trade privacy for trust

  • Offer private information in increments over a period of time



Introduction

  • D. Basis for idea: It is hard to specify the policies for privacy preservation in a legal, precise, and correct manner. It is even harder to enforce the privacy policies

  • Ideas for privacy:

  • Develop languages to specify policies

  • Bundle data with policy constraints

  • Use obligations and penalties

  • Specify when, who, and how many times the private information can be disseminated

  • Use Apoptosis to destroy private information





Further Reluctance to Report

  • One common fear is that a crucial piece of equipment, like a main server, say, might be impounded for evidence by over-zealous investigators, thereby shutting the company down.

  • Estimate: fewer than one in ten serious intrusions are ever reported to the authorities.

  • Mike Rasch, VP Global Security, testimony before the Senate Appropriations Subcommittee, February 2000

  • reported in The Register and online testimony transcript



Methods of Defense

  • Five basic approaches to defense of computing systems

    • Prevent attack
    • Deter attack
      • Make attack harder (can’t make it impossible )
    • Deflect attack
      • Make another target more attractive than this target
    • Detect attack
      • During or after
    • Recover from attack


A) Controls

  • Castle in Middle Ages

    • Location with natural obstacles
    • Surrounding moat
    • Drawbridge
    • Heavy walls
      • Arrow slits
      • Crenellations
    • Strong gate
      • Tower
    • Guards / passwords


Medieval castles

  • Medieval castles

    • location (steep hill, island, etc.)
    • moat / drawbridge / walls / gate / guards /passwords
    • another wall / gate / guards /passwords
    • yet another wall / gate / guards /passwords
    • tower / ladders up
  • Multiple controls in computing systems can include:

    • system perimeter – defines „inside/outside”
    • preemption – attacker scared away
    • deterrence – attacker could not overcome defenses
    • faux environment (e.g. honeypot, sandbox) – attack deflected towards a worthless target (but the attacker doesn’t know about it!)
  • Note layered defense /

  • multilevel defense / defense in depth (ideal!)



A.2) Controls: Policies and Procedures

  • Policy vs. Procedure

    • Policy: What is/what is not allowed
    • Procedure: How you enforce policy
  • Advantages of policy/procedure controls:

    • Can replace hardware/software controls
    • Can be least expensive
      • Be careful to consider all costs
        • E.g. help desk costs often ignored for for passwords (=> look cheap but migh be expensive)



Yüklə 446 b.

Dostları ilə paylaş:
  1   2   3   4   5   6   7   8   9   ...   15




Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©muhaz.org 2024
rəhbərliyinə müraciət

gir | qeydiyyatdan keç
    Ana səhifə


yükləyin